Sign-up

ID

VAR-202007-1037


CVE

CVE-2020-3369


TITLE

Cisco SD-WAN vEdge Vulnerabilities in routers

Trust: 0.8

sources: JVNDB: JVNDB-2020-008335

DESCRIPTION

A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of FTP traffic. An attacker could exploit this vulnerability by sending crafted FTP packets through an affected device. A successful exploit could allow the attacker to make the device reboot continuously, causing a DoS condition. Cisco SD-WAN vEdge An unspecified vulnerability exists in the router.Service operation interruption (DoS) It may be put into a state. Cisco SD-WAN vEdge 5000 Series Routers is Cisco's SD-WAN solution routing equipment

Trust: 2.25

sources: NVD: CVE-2020-3369 // JVNDB: JVNDB-2020-008335 // CNVD: CNVD-2020-41235 // VULHUB: VHN-181494

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-41235

AFFECTED PRODUCTS

vendor:ciscomodel:sd-wanscope:eqversion:19.2.1

Trust: 1.0

vendor:ciscomodel:sd-wanscope:eqversion:19.2.097

Trust: 1.0

vendor:ciscomodel:sd-wanscope:eqversion:19.2.0

Trust: 1.0

vendor:ciscomodel:sd-wanscope:eqversion:19.2.098

Trust: 1.0

vendor:ciscomodel:vedge cloud routerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:sd-wanscope: - version: -

Trust: 0.8

vendor:ciscomodel:vedge cloud router platformscope: - version: -

Trust: 0.8

vendor:ciscomodel:sd-wan vedge series routersscope:eqversion:500019.2.0

Trust: 0.6

vendor:ciscomodel:sd-wan vedge series routersscope:eqversion:500019.2.1

Trust: 0.6

vendor:ciscomodel:sd-wan vedge series routersscope:eqversion:500019.2.097

Trust: 0.6

vendor:ciscomodel:sd-wan vedge series routersscope:eqversion:500019.2.098

Trust: 0.6

vendor:ciscomodel:sd-wan vedge cloud routerscope:eqversion:19.2.0

Trust: 0.6

vendor:ciscomodel:sd-wan vedge cloud routerscope:eqversion:19.2.097

Trust: 0.6

vendor:ciscomodel:sd-wan vedge cloud routerscope:eqversion:19.2.098

Trust: 0.6

vendor:ciscomodel:sd-wan vedge cloud routerscope:eqversion:19.2.1

Trust: 0.6

sources: CNVD: CNVD-2020-41235 // JVNDB: JVNDB-2020-008335 // NVD: CVE-2020-3369

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3369
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3369
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-008335
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-41235
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202007-1079
value: HIGH

Trust: 0.6

VULHUB: VHN-181494
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3369
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008335
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-41235
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-181494
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3369
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3369
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-008335
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-41235 // VULHUB: VHN-181494 // JVNDB: JVNDB-2020-008335 // CNNVD: CNNVD-202007-1079 // NVD: CVE-2020-3369 // NVD: CVE-2020-3369

PROBLEMTYPE DATA

problemtype:CWE-118

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2020-008335 // NVD: CVE-2020-3369

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1079

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202007-1079

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-008335

PATCH
title:cisco-sa-fpdos-hORBfd9furl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fpdos-hORBfd9f
Trust: 0.8
title:Patch for Cisco SD-WAN vEdge 5000 Series Routers and SD-WAN vEdge Cloud Router denial of service vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/226371
Trust: 0.6
title:Cisco SD-WAN vEdge 5000 Series Routers  and SD-WAN vEdge Cloud Router Fixes for code issue vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124561
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-41235 // 
            
            
            
            JVNDB: JVNDB-2020-008335 // 
            
            
            
            CNNVD: CNNVD-202007-1079

EXTERNAL IDS
db:NVDid:CVE-2020-3369
Trust: 3.1
db:JVNDBid:JVNDB-2020-008335
Trust: 0.8
db:CNNVDid:CNNVD-202007-1079
Trust: 0.7
db:CNVDid:CNVD-2020-41235
Trust: 0.6
db:AUSCERTid:ESB-2020.2424
Trust: 0.6
db:NSFOCUSid:48356
Trust: 0.6
db:VULHUBid:VHN-181494
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-41235 // 
            
            
            
            VULHUB: VHN-181494 // 
            
            
            
            JVNDB: JVNDB-2020-008335 // 
            
            
            
            CNNVD: CNNVD-202007-1079 // 
            
            
            
            NVD: CVE-2020-3369

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-fpdos-horbfd9f
Trust: 2.9
url:https://nvd.nist.gov/vuln/detail/cve-2020-3369
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3369
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.2424/
Trust: 0.6
url:http://www.nsfocus.net/vulndb/48356
Trust: 0.6
url:https://vigilance.fr/vulnerability/cisco-sd-wan-vedge-router-denial-of-service-via-dpi-32855
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-41235 // 
            
            
            
            VULHUB: VHN-181494 // 
            
            
            
            JVNDB: JVNDB-2020-008335 // 
            
            
            
            CNNVD: CNNVD-202007-1079 // 
            
            
            
            NVD: CVE-2020-3369

SOURCES
db:CNVDid:CNVD-2020-41235
db:VULHUBid:VHN-181494
db:JVNDBid:JVNDB-2020-008335
db:CNNVDid:CNNVD-202007-1079
db:NVDid:CVE-2020-3369

LAST UPDATE DATE
2024-11-23T21:35:30.300000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-41235date:2020-07-21T00:00:00
db:VULHUBid:VHN-181494date:2020-07-24T00:00:00
db:JVNDBid:JVNDB-2020-008335date:2020-09-08T00:00:00
db:CNNVDid:CNNVD-202007-1079date:2021-01-05T00:00:00
db:NVDid:CVE-2020-3369date:2024-11-21T05:30:53.670

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-41235date:2020-07-20T00:00:00
db:VULHUBid:VHN-181494date:2020-07-16T00:00:00
db:JVNDBid:JVNDB-2020-008335date:2020-09-08T00:00:00
db:CNNVDid:CNNVD-202007-1079date:2020-07-15T00:00:00
db:NVDid:CVE-2020-3369date:2020-07-16T18:15:18.267